CWE-1392
AllowedUse of Default Credentials
Abstraction: Base · Status: Incomplete
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
191 vulnerabilities reference this CWE, most recent first.
GHSA-P5WP-WJHW-5M95
Vulnerability from github – Published: 2025-03-16 15:32 – Updated: 2025-03-16 15:32A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-2341"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-16T15:15:36Z",
"severity": "LOW"
},
"details": "A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-p5wp-wjhw-5m95",
"modified": "2025-03-16T15:32:02Z",
"published": "2025-03-16T15:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2341"
},
{
"type": "WEB",
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-1-default-credentials-for-ssid-cwe-1393"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.299807"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.299807"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.512418"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P7J8-2RGX-MWXM
Vulnerability from github – Published: 2025-05-16 09:30 – Updated: 2025-05-16 09:30Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.
{
"affected": [],
"aliases": [
"CVE-2025-1531"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T07:15:47Z",
"severity": "MODERATE"
},
"details": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.",
"id": "GHSA-p7j8-2rgx-mwxm",
"modified": "2025-05-16T09:30:36Z",
"published": "2025-05-16T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1531"
},
{
"type": "WEB",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P8QR-WW3F-6MVM
Vulnerability from github – Published: 2025-01-15 21:31 – Updated: 2025-01-15 21:31A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-0482"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-15T20:15:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-p8qr-ww3f-6mvm",
"modified": "2025-01-15T21:31:42Z",
"published": "2025-01-15T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0482"
},
{
"type": "WEB",
"url": "https://github.com/Fanli2012/native-php-cms/issues/4"
},
{
"type": "WEB",
"url": "https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.291927"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.291927"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.475237"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PR72-8FXW-XX22
Vulnerability from github – Published: 2025-08-19 22:24 – Updated: 2025-08-29 20:37Impact
This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files
config.yaml, docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections.
Who is impacted? All users who deploy nginx-defender with default credentials and expose the admin interface to untrusted networks.
Patches
The issue is addressed in v1.5.0 and later.
Startup warnings are added if default credentials are detected. Documentation now strongly recommends changing all default passwords before deployment. Patched versions: 1.5.0 and later Will be fully patched in v1.7.0 and later
Workarounds
Users can remediate the vulnerability without upgrading by manually changing all default credentials in configuration files before deployment:
# config.yaml
auth:
default_password: "your_strong_password_here"
# docker-compose.yml
- GF_SECURITY_ADMIN_PASSWORD=your_strong_password
Restrict access to the admin interface and use environment variables for secrets.
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/Anipaleja/nginx-defender"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55740"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-19T22:24:40Z",
"nvd_published_at": "2025-08-19T20:15:35Z",
"severity": "MODERATE"
},
"details": "### Impact\nThis is a configuration vulnerability affecting nginx-defender deployments. Example configuration files \n[config.yaml](https://github.com/Anipaleja/nginx-defender/blob/main/config.yaml), [docker-compose.yml](https://github.com/Anipaleja/nginx-defender/blob/main/docker-compose.yml) contain default credentials (`default_password: \"change_me_please\"`, `GF_SECURITY_ADMIN_PASSWORD=admin123`). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections.\n\n**Who is impacted?**\nAll users who deploy nginx-defender with default credentials and expose the admin interface to untrusted networks.\n\n### Patches\nThe issue is addressed in v1.5.0 and later.\n\nStartup warnings are added if default credentials are detected.\nDocumentation now strongly recommends changing all default passwords before deployment.\nPatched versions:\n1.5.0 and later\n**Will be fully patched in v1.7.0 and later**\n\n### Workarounds\nUsers can remediate the vulnerability without upgrading by manually changing all default credentials in configuration files before deployment:\n```yaml\n# config.yaml\nauth:\n default_password: \"your_strong_password_here\"\n```\n\n```yml\n# docker-compose.yml\n- GF_SECURITY_ADMIN_PASSWORD=your_strong_password\n```\nRestrict access to the admin interface and use environment variables for secrets.\n\n### References\n- [Security Configuration Guide](https://github.com/Anipaleja/nginx-defender/blob/main/docs/security-config.md)\n- [Full Security Advisory](https://github.com/Anipaleja/nginx-defender/security/advisories)\n- [Library README](https://github.com/Anipaleja/nginx-defender/blob/main/lib/README.md)\n- [README](https://github.com/Anipaleja/nginx-defender/blob/main/README.md)",
"id": "GHSA-pr72-8fxw-xx22",
"modified": "2025-08-29T20:37:35Z",
"published": "2025-08-19T22:24:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Anipaleja/nginx-defender/security/advisories/GHSA-pr72-8fxw-xx22"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55740"
},
{
"type": "PACKAGE",
"url": "https://github.com/Anipaleja/nginx-defender"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Default Credentials in nginx-defender Configuration Files"
}
GHSA-Q3H2-6968-258W
Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-02 21:32AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints.
{
"affected": [],
"aliases": [
"CVE-2026-58466"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T20:17:06Z",
"severity": "CRITICAL"
},
"details": "AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints.",
"id": "GHSA-q3h2-6968-258w",
"modified": "2026-07-02T21:32:12Z",
"published": "2026-07-02T21:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58466"
},
{
"type": "WEB",
"url": "https://github.com/EstrellaXD/Auto_Bangumi/issues/1041"
},
{
"type": "WEB",
"url": "https://github.com/EstrellaXD/Auto_Bangumi/commit/487bdfec545e805ae416e6ddf28651bd274d6a73"
},
{
"type": "WEB",
"url": "https://github.com/EstrellaXD/Auto_Bangumi/releases/tag/3.2.8"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/autobangumi-hard-coded-default-credentials-via-add-default-user"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q6GQ-VXG6-9M9P
Vulnerability from github – Published: 2025-12-09 21:31 – Updated: 2025-12-09 21:31COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
{
"affected": [],
"aliases": [
"CVE-2021-47707"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T21:15:49Z",
"severity": "CRITICAL"
},
"details": "COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the \u0027passkey\u0027 parameter set to \u00271234\u0027, allowing them to access the web control panel.",
"id": "GHSA-q6gq-vxg6-9m9p",
"modified": "2025-12-09T21:31:49Z",
"published": "2025-12-09T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47707"
},
{
"type": "WEB",
"url": "https://www.commax.com"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/50210"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/commax-cvd-axx-dvr-weak-default-credentials-stream-disclosure"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q6PV-P83M-GWHP
Vulnerability from github – Published: 2025-10-25 18:30 – Updated: 2025-11-10 15:31Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
{
"affected": [],
"aliases": [
"CVE-2025-12218"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-25T16:15:40Z",
"severity": "CRITICAL"
},
"details": "Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.",
"id": "GHSA-q6pv-p83m-gwhp",
"modified": "2025-11-10T15:31:03Z",
"published": "2025-10-25T18:30:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12218"
},
{
"type": "WEB",
"url": "https://azure-access.com/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QCX5-4HHW-RPVH
Vulnerability from github – Published: 2026-06-22 21:31 – Updated: 2026-06-22 21:31Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-44273"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T20:16:29Z",
"severity": "MODERATE"
},
"details": "Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.",
"id": "GHSA-qcx5-4hhw-rpvh",
"modified": "2026-06-22T21:31:00Z",
"published": "2026-06-22T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44273"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QRWG-49X6-M5P2
Vulnerability from github – Published: 2025-08-08 18:32 – Updated: 2025-08-08 18:32A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8731"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-08T16:15:28Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-qrwg-49x6-m5p2",
"modified": "2025-08-08T18:32:22Z",
"published": "2025-08-08T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8731"
},
{
"type": "WEB",
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/trendnet/TPL-430AP_FW1.0.1/trendnet_several_vulns.pdf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319227"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319227"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621749"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R3PP-W9MM-8FCC
Vulnerability from github – Published: 2025-07-20 21:31 – Updated: 2025-07-20 21:31A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-7907"
],
"database_specific": {
"cwe_ids": [
"CWE-1392"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-20T21:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-r3pp-w9mm-8fcc",
"modified": "2025-07-20T21:31:18Z",
"published": "2025-07-20T21:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7907"
},
{
"type": "WEB",
"url": "https://github.com/yangzongzhuan/RuoYi/issues/297"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317022"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317022"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.618362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Force the administrator to change the credential upon installation.
Mitigation
The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.